Cybercriminals Snap Up Expired Domains to Serve Malicious Ads: Report

Expired domain names are becoming the latest route for cybercriminals to find their way into the computers of unsuspecting users.

Cybercriminals launched a malicious advertising campaign this week targeting visitors of popular news and entertainment websites after gaining ownership of an expired web domain of an advertising company.

Users visiting the websites of the New York Times, Newsweek, BBC and AOL, among others, may have installed malware on their computers if they clicked on the malicious ads.

Bresntsmedia.com, the website used by hackers to serve up malware, expired on Jan. 1 and was registered again on March 6 by a different buyer, security researchers at Trustwave SpiderLabs wrote in a blog post.

Buying the domain of a small but legitimate ad company provided the criminals with high-quality traffic from popular websites that publish their ads directly, or as affiliates of other ad networks, the researchers said.

New York Times spokesman Jordan Cohen said the company was investigating whether the attack had any impact. “To be clear, this is impacting ads from third parties that are beyond our control.”

Newsweek, BBC and AOL could not be immediately reached for comment.

The researchers also found two more expired “media”-related domains – envangmedia.com and markets.shangjiamedia.com – used by the same cybercriminals.

The people behind the campaign may be keeping a watch for expired domains with the word “media” in them, they said.